Botnet

Masjesu botnet, marketed via Telegram, exploits 12 vulnerabilities to conscript routers and IoT devices for DDoS attacks. Nearly 50% of traffic originates from Vietnam.

Akamai detects active exploitation of CVE-2025-29635 in discontinued D-Link DIR-823X routers. The tuxnokill variant spreads via command injection and launches DDoS attacks from compromised devices.

Over 1,000 exposed ComfyUI instances targeted by cryptomining campaign. Attackers exploit custom nodes for RCE, deploy XMRig and Hysteria V2 botnet with persistence.

Security researchers expose KadNap malware targeting ASUS routers to build a criminal proxy network. 60% of infected devices located in the US, linked to Doppelganger service.

International operation seizes C2 infrastructure for AISURU, Kimwolf, JackSkid, and Mossad botnets. Peak attacks hit 31.4 Tbps, targeting DOD systems and critical infrastructure.

New KadNap botnet targets Asus routers using peer-to-peer Kademlia protocol for stealth C2. Over 60% of infections in the US, linked to Faceless proxy service.

New botnet loader stores encrypted commands in smart contracts on Polygon, making traditional infrastructure takedowns ineffective. Operating costs are under $1 for 100+ commands.

New Linux botnet SSHStalker infected 7,000 cloud servers using brute-force SSH attacks and 2009-era kernel exploits. Uses IRC for command-and-control while apparently staging for future operations.

Budget Android TV boxes and tablets ship with backdoors from the factory, turning home networks into criminal infrastructure for ad fraud and proxy services.

Nine-month-old botnet campaign pivots to exploit CVE-2025-55182 in Next.js, deploying cryptominers and Mirai variants across exposed instances.

Massive Android botnet targets set-top boxes and tablets, issued 1.7 billion attack commands in 3 days, briefly surpassing Google in DNS rankings.